当用户想要登录时,他们必须提供发布到profile.PHP的用户名和密码.
profile.PHP做了一个简单的检查:
// Sanity Check
if(empty($_POST['smart_email'])|| empty($_POST['smart_password']))
{
echo 'Sorry,wrong login/passwd';
exit;
}
else
{
//
$smart_email = $_POST['smart_email'];
$smart_password=$_POST['smart_password'];
// Check if registerd and password matches
if(DB_IsAuthorized($smart_email,$smart_password) == true)
{
// Obtain proper UserID from the database
$UserID = DB_GetId($smart_email);
// set the session user_id variable
$_SESSION['user_id'] = $UserID;
//
// Display the User profile page
//
}
}
从那时起,与用户相关的每个页面都会检查$_SESSION中设置的user_id,以确定此用户是否已登录并已获得授权.
if (isset($_SESSION['user_id']) && is_numeric($_SESSION['user_id']) && $_SESSION['user_id']>0)
{
// USER IS LOGGED IN
}
最佳答案